CVE-2019-3652
MEDIUMMcAfee Endpoint Security < 10.6.1 - Code Injection via EPSetup.exe
Title source: llmDescription
Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10299
Scores
CVSS v3
5.0
EPSS
0.0012
EPSS Percentile
30.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Details
CWE
CWE-94
Status
published
Products (2)
mcafee/endpoint_security
10.6.1
mcafee/endpoint_security
10.5.0 - 10.5.5
Published
Oct 09, 2019
Tracked Since
Feb 18, 2026